Trend Micro Launches Real-Time Threat-Management Network Monitoring

Trend Micro has added new tools and capabilities to provide real-time network monitoring and remediation to handle advanced persistent threats.

Trend Micro updated its network-analysis tools and threat-management services to help organizations stop advanced persistent threats before they break into the network and do serious damage.

The line of Real-Time Threat Management network appliances monitors network traffic for incoming malware and outgoing botnet activity, Trend Micro said June 13. The appliances provide organizations with detailed insights into the type of malware and other threats that may be trying to enter the network as well as actual remedies and cleanup capabilities.

APTs are a class of sophisticated stealth attacks that lurk in the network for a period of time to steal sensitive data and intellectual property. Organizations often don't discover an infection or a network breach until weeks or months have gone by, Glessner said.

The Threat Management System appliance relies on its sandboxing technology to detect and identify real-time evidence of hacker activity or malware infections, Kevin Faulkner, director of product marketing, told eWEEK. TMS complements Trend Micro's flagship endpoint security product OfficeScan and server-based intrusion-detection offering DeepSecurity.

TMS consists of the Threat Discovery appliance and the Threat Mitigator. Threat Discovery sits offline and inspects inbound, outbound and internal network traffic using a combination of signature-, behavior- and reputation-based scanning techniques to identify malicious activity and malware. Threat Mitigator handles automated remediation such as cleaning up infections on compromised machines.

Customers need a two-pronged approach when fighting APTs. Organizations should take preventive measures, but should also assume an attack is inevitable and put in mechanisms to detect an attack, be alerted immediately and remedy the threat.

Malware developers are increasingly using sophisticated obfuscation techniques and automatic updates to make it difficult for endpoint-security programs to detect malicious code. A significant number of initial TMS customers found malware active on their networks despite having security measures in place, Glessner said.

The new Threat Intelligence Manager draws on Trend Micro's database of threats for the most up-to-date information to block incoming infections. It correlates and analyzes log information collected by OfficeScan, DeepSecurity and TMS to improve detection and response rates. The threat-intelligence service provides organizations with log-management SIEM (security information and event management) capabilities, Faulkner said.

The Threat Intelligence Manager displays the data in a fully customizable dashboard that gives a high-level overview of the threats that may target the network. IT administrators can configure notifications to warn the IT team when certain thresholds and risk factors are met.

The system looks at unusual macros in Word and PDF documents and checks outbound traffic to ensure the systems aren't trying to contact known command-and-control servers and other malicious sites.

Trend Micro is positioning its new line to compete with products such as the NetWitness NextGen visibility-monitoring system acquired by RSA Security earlier this year.

TMS pricing starts at $20,000 for 1,000 users. Threat Intelligence Manager starts at $6,250 for 1,000 users.